@stman

Packages could have PGP signatures like forever (twine --sign), but predictably nobody uses it.

There's an active discussion on PEP 458 to sign packages at PyPI (centrally) discuss.python.org/t/pep-458-s